The emergence of the Internet of Things (IoT) brings convenience to people's lives. The IoT field contains a large number of resource-constrained nodes, which are mainly characterized by low energy consumption, low storage, and low computing and processing capabilities. Because of this low processing capability, a resource-constrained node faces many security threats. For example, an IP network protocol is mainly encrypted based on a key and a random number, and the key length recommended by the Internet Engineering Task Force (IETF) is 112 bits. However, a resource-constrained node cannot store and process a key of such a length.
For node security, the conventional art uses network address translation (NAT). Specifically, a NAT device maps an internal device network address to an external device network address. This not only reduces the requirement for external device network addresses but also hides the internal device network address, thereby implementing security isolation.
Currently, the following three types of mapping are usually used in the NAT technology: endpoint-independent mapping, address-dependent mapping, and address and port-dependent mapping.
Endpoint-independent mapping means that for data packets sent from the same internal IP address and the same internal port to any external IP address and external port, the internal IP address and the internal port are mapped to the same external IP address and the same external port.
Address-dependent mapping means that for data packets sent from the same internal IP address and the same internal port to the same external IP address, the internal IP address and the internal port are mapped to the same external IP address and the same external port regardless of the external port number.
Address and port-dependent mapping means that for data packets sent from the same internal IP address and the same internal port to the same external IP address and the same external port, the internal IP address and the internal port are mapped to the same external IP address and the same external port.
Regardless of which mapping manner the NAT device uses, it allocates a corresponding external network address of an external device to the internal network address of an internal device, and needs to keep the mapping relationship between the internal network address and the external network address alive.
However, in current NAT technology, the internal device needs to send heartbeat messages to keep the address mapping relationship alive. NAT is used to shield the IP address of a resource-constrained node to improve security, but in a User Datagram Protocol (UDP) scenario, it is unacceptable for a low-energy resource-constrained node to frequently send heartbeat messages to keep an address mapping relationship alive. In a Transmission Control Protocol (TCP) scenario, the external mapping address of a resource-constrained node stays fixed for a long period of time because the node remains connected for a long period of time. Consequently, an external attacker is more likely to steal the address and send a forged message, which reduces the security of the resource-constrained node.
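The three mapping behaviours and the keep-alive requirement described above, as an added Python sketch that is not part of the original text: a toy NAT table whose lookup key depends on the mapping type and whose entries expire when idle. The class and function names, addresses, port numbers and the 30-second idle timeout are constructed assumptions.

```python
from itertools import count

# Lookup key for a mapping under each behaviour; s = internal (ip, port),
# d = external (ip, port) the packet is sent to.
KEY = {
    "endpoint-independent": lambda s, d: (s,),
    "address-dependent": lambda s, d: (s, d[0]),
    "address-and-port-dependent": lambda s, d: (s, d),
}

class Nat:
    """Toy NAT: maps an internal (IP, port) to an external (IP, port)."""

    def __init__(self, mode, external_ip="203.0.113.1", idle_timeout=30):
        self.key_of = KEY[mode]
        self.external_ip = external_ip    # constructed documentation address
        self.idle_timeout = idle_timeout  # seconds; assumed value
        self.ports = count(40000)         # next free external port (constructed)
        self.table = {}                   # key -> [external endpoint, last_used]

    def outbound(self, src, dst, now):
        """Return the external endpoint used for a packet src -> dst at time now."""
        key = self.key_of(src, dst)
        entry = self.table.get(key)
        if entry is None or now - entry[1] > self.idle_timeout:
            # No live mapping: allocate a fresh external port.
            entry = [(self.external_ip, next(self.ports)), now]
            self.table[key] = entry
        entry[1] = now                    # traffic refreshes the mapping
        return entry[0]

def distinct_mappings(mode):
    """Count external endpoints one internal socket gets for three destinations."""
    nat = Nat(mode)
    src = ("10.0.0.5", 5683)              # constructed internal node address
    dsts = [("198.51.100.7", 5683), ("198.51.100.7", 5684), ("198.51.100.9", 5683)]
    return len({nat.outbound(src, d, now=0) for d in dsts})

def survives_idle(heartbeat_every, idle_for=90):
    """True if the external mapping is unchanged after idle_for seconds
    during which the node sends only heartbeats at the given interval."""
    nat = Nat("endpoint-independent")
    src, dst = ("10.0.0.5", 5683), ("198.51.100.7", 5683)
    first = nat.outbound(src, dst, now=0)
    for t in range(heartbeat_every, idle_for, heartbeat_every):
        nat.outbound(src, dst, now=t)
    return nat.outbound(src, dst, now=idle_for) == first
```

A heartbeat interval shorter than the idle timeout keeps the mapping stable, which is the energy cost the text describes for UDP; the same stability is what leaves a long-lived mapping exposed in the TCP case.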